Re: [tcpinc] TCP-ENO draft 04 posted
Joe Touch <touch@isi.edu> Fri, 29 July 2016 21:30 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29D0412D112 for <tcpinc@ietfa.amsl.com>; Fri, 29 Jul 2016 14:30:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.187
X-Spam-Level:
X-Spam-Status: No, score=-8.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.287] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AJZheRgwLw6e for <tcpinc@ietfa.amsl.com>; Fri, 29 Jul 2016 14:30:23 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5FDF12D798 for <tcpinc@ietf.org>; Fri, 29 Jul 2016 14:30:22 -0700 (PDT)
Received: from [128.9.184.41] ([128.9.184.41]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id u6TLTtAq005731 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 29 Jul 2016 14:29:56 -0700 (PDT)
To: David Mazieres expires 2016-10-27 PDT <mazieres-ux4n4kmjgzjcccbc6tmev8hn6n@temporary-address.scs.stanford.edu>, tcpinc <tcpinc@ietf.org>
References: <87invokuu8.fsf@ta.scs.stanford.edu>
From: Joe Touch <touch@isi.edu>
Message-ID: <579BCAD1.4020509@isi.edu>
Date: Fri, 29 Jul 2016 14:29:53 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <87invokuu8.fsf@ta.scs.stanford.edu>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/CHyqKxVQ28VMqn81ts7FdikSvw4>
Subject: Re: [tcpinc] TCP-ENO draft 04 posted
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2016 21:30:24 -0000
Hi, all, I'm very confused by the new SYN data text. First, if you really want state based on previous connections that allows early use of SYN data before the 3WHS, that seems to be the very definition of TFO. So declaring that this solution is valid only where TFO isn't used seems the opposite of what I would expect. Second, the text doesn't cover the case where the endpoint abilities have changed. Unless you use TFO cookies to verify that ability, you should not assume you know it. Which means you can easily be sending data you need to unroll - and the only safe way to do that (if the endpoint turns out to be non-ENO even if you assumed otherwise) is to terminate the connection. Third, the claim that "Using data in SYNs deviates..." is incorrect. Data in the SYN is valid for TCP. Did you mean "acting on received data in the SYN before the 3WHS in the absence of TFO deviates..."? Joe On 7/29/2016 2:17 PM, dm-list-tcpcrypt@scs.stanford.edu wrote: > I just posted a new draft of TCP-ENO, available here: > > https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpeno/ > > This reflects the issues discussed in Berlin, as well as the first cut > at data in SYN segments. Note that these changes are all open for > discussion, I just think that the discussion will be more useful if > framed in terms of concrete language of a draft document. For that > reason, we will aim for shorter iteration cycles on ENO, and once ENO > stabilizes start updating the other documents to match. > > Notable changes: > > * Specs are now TEPs. > > * General suboption renamed global suboption, and refered to more > consistenly that way. > > * 'cs' (configuration/spec) bits in an initial suboption byte are now > 'glt' (global/length/TEP). > > * The 'm' bit is gone, and we now have z1, z2, z3 in the global > suboption. > > * Length word is gone. > > * New Data in SYN segments section. > > * IANA considerations: added some if(TBD == 69) instructions for the > RFC-editor, and made clear legacy use of 69 can break connection and > MUST be disabled if it can't be upgraded. > > David > > _______________________________________________ > Tcpinc mailing list > Tcpinc@ietf.org > https://www.ietf.org/mailman/listinfo/tcpinc
- Re: [tcpinc] TCP-ENO draft 04 posted David Mazieres
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- Re: [tcpinc] TCP-ENO draft 04 posted David Mazieres
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- Re: [tcpinc] TCP-ENO draft 04 posted Joe Touch
- [tcpinc] TCP-ENO draft 04 posted dm-list-tcpcrypt